This month’s Patch Tuesday updates from Microsoft arrived with over 50 security fixes, becoming a relatively modest update bundle as compared to the January updates. Nonetheless, what makes the February Patch Tuesday important for Microsoft users is the security fixes for some zero-day vulnerabilities.
Microsoft Patch Tuesday February Security Fixes
The most important security fixes in the latest Patch Tuesday address four different zero-day vulnerabilities. Two of these flaws were publicly disclosed but escaped active exploitation, whereas the other two were attacked despite remaining undisclosed. Below is a quick overview of these vulnerabilities.
- CVE-2025-21418 (important; CVSS 7.8): A privilege escalation vulnerability in Windows Ancillary Function Driver for WinSock. Exploiting the flaw could allow SYSTEM privileges to the attacker. While it remained undisclosed prior a fix, Microsoft confirmed detecting active exploitation for it.
- CVE-2025-21391 (important; CVSS 7.1): Another privilege escalation vulnerability that went under attack prior a fix. This vulnerability existed in Windows Storage, allowing an attacker to delete data on the target device. While this vulnerability did not lead to information disclosure, an adversary could still brick the target system by deleting some important data.
- CVE-2025-21194 (important; CVSS 7.1): A security feature bypass in Microsoft Surface that became publicly disclosed. Yet, it escaped active exploitation likely due to the difficulties associated with it. Microsoft confirmed that exploiting this flaw required “multiple conditions to be met,” that too after the attacker gained access to the target restricted network. Even upon meeting all requirements, the attacker had to rely on a physical user to reboot the target machine for a successful exploit. If done, the vulnerability could allow bypassing UEFI and compromising the secure kernel and hypervisor.
- CVE-2025-21377 (important; CVSS 6.5): A spoofing vulnerability affecting NTLM Hash Disclosure. It’s another publicly disclosed vulnerability that remained unexploited before the patch. An attacker could exploit the flaw by tricking the target user into interacting with a maliciously crafted file. Once done, the vulnerability would disclose the user’s NTLMv2 hash, letting the attacker authenticate as the victim user.
Other Noteworthy Patches From Microsoft
In addition to the above, Microsoft addressed three critical severity vulnerabilities this month. These include 2 remote code execution vulnerabilities each in DHCP Client Service (CVE-2025-21379) and Windows Lightweight Directory Access Protocol (LDAP) (CVE-2025-21376) respectively, and a privilege escalation flaw in Microsoft Dynamics 365 Sales (CVE-2025-21177).
This update bundle also patched 49 vulnerabilities of important severity and a single low severity flaw. Users must ensure prompt updates to their devices to receive all security fixes in time and avoid potential threats.
Let us know your thoughts in the comments.
